aboutsummaryrefslogtreecommitdiffstats
path: root/.github/workflows/codeql-analysis.yml
Commit message (Collapse)AuthorAgeFilesLines
* Build: Bump the github-actions group with 2 updatesdependabot[bot]2024-07-051-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) Updates `github/codeql-action` from 3.25.8 to 3.25.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2e230e8fe0ad3a14a340ad0815ddb96d599d2aff...b611370bb5703a7efb587f9d136a52ea24c5c38c) Closes gh-5515 --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Build: Bump the github-actions group with 2 updatesdependabot[bot]2024-06-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 4.1.2 to 4.1.6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...a5ac7e51b41094c92402da3b24376905380afc29) Updates `github/codeql-action` from 3.24.9 to 3.25.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/1b1aada464948af03b950897e5eb522f92603cc2...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Closes gh-5505
* Build: Bump actions/cache, actions/checkout & github/codeql-actiondependabot[bot]2024-04-021-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Bump actions/cache from 4.0.1 to 4.0.2 Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/ab5e6d0c87105b4c9c2047343972218f562e4319...0c45773b623bea8c8e75f6c82b208c3cf94ea4f9) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... 2. Bump github/codeql-action from 3.24.6 to 3.24.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8a470fddafa5cbb6266ee11b37ef4d8aae19c571...1b1aada464948af03b950897e5eb522f92603cc2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Bump actions/checkout from 4.1.1 to 4.1.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Closes gh-5462 Signed-off-by: dependabot[bot] <support@github.com>
* Build: Bump github/codeql-action from 3.24.0 to 3.24.6dependabot[bot]2024-03-101-3/+3
| | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e8893c57a1f3a2b659b6b55564fdfdbbd2982911...8a470fddafa5cbb6266ee11b37ef4d8aae19c571) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Close gh-5425
* Build: Bump actions/cache & github/codeql-action (#5402)dependabot[bot]2024-02-111-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Build: Bump actions/cache from 3.3.2 to 4.0.0 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 4.0.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/704facf57e6136b1bc63b828d79edcd491f0ee84...13aacd865c20de90d75de3b17ebe84f7a17d57d2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... * Build: Bump github/codeql-action from 3.22.12 to 3.24.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...e8893c57a1f3a2b659b6b55564fdfdbbd2982911) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> --------- Closes gh-5402 Closes gh-5415 Signed-off-by: dependabot[bot] <support@github.com>
* Build: Bump actions/setup-node and github/codeql-actiondependabot[bot]2024-01-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1: Bump actions/setup-node from 4.0.0 to 4.0.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/8f152de45cc393bb48ce5d89d36b731f54556e65...b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... 2: Bump github/codeql-action from 2.22.5 to 3.22.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 3.22.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/74483a38d39275f33fcff5f35b679b5ca4a26a99...012739e5082ff0c22ca6d6ab32e07c36df03c4a4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Closes gh-5381 Closes gh-5382 Signed-off-by: dependabot[bot] <support@github.com>
* Build: Reformat GitHub workflow Yaml filesMichał Gołębiowski-Owczarek2023-11-201-39/+38
| | | | | | | | | Use Prettier 3.1.0 to reformat the Yaml files. This makes their format identical to the one used on `3.x-stable`, making for much easier cherry-picks. The main difference is the list under `steps:` was not indented while all other lists were. Closes gh-5364
* Build: Bump @babel/traverse & multiple actionsMichał Gołębiowski-Owczarek2023-11-131-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1: Bump actions/cache from 3.3.1 to 3.3.2 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8...704facf57e6136b1bc63b828d79edcd491f0ee84) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... 2: Bump actions/checkout from 3.6.0 to 4.1.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...b4ffde65f46336ab88eb53be808477a3936bae11) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 3: Bump github/codeql-action from 2.21.5 to 2.22.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.22.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/00e563ead9f72a8461b24876bee2d0c2e8bd2ee8...74483a38d39275f33fcff5f35b679b5ca4a26a99) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... 4: Bump actions/setup-node from 3.8.1 to 4.0.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d...8f152de45cc393bb48ce5d89d36b731f54556e65) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... 5: Bump @babel/traverse from 7.22.5 to 7.23.2 Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Closes gh-5341 Closes gh-5349 Closes gh-5354 Closes gh-5355 Closes gh-5356 Closes gh-5363 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Build: Don't run CI push workflows for dependabot branchesMichał Gołębiowski-Owczarek2023-11-131-2/+3
| | | | | | Without this change, dependabot PRs run double checks - one set for the `push` part and one for the `pull_request` part. Closes gh-5353
* Build: Bump actions/checkout, actions/setup-node & github/codeql-actiondependabot[bot]2023-09-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1: Bump actions/checkout from 3.5.3 to 3.6.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...f43a0e5ff2bd294095638e18286ca9a3d1956744) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 2: Bump actions/setup-node from 3.6.0 to 3.8.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c...5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... 3: Bump github/codeql-action from 2.20.1 to 2.21.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f6e388ebf0efc915c6c5b165b019ee61a6746a38...00e563ead9f72a8461b24876bee2d0c2e8bd2ee8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Closes gh-5311 Closes gh-5312 Closes gh-5313 Signed-off-by: dependabot[bot] <support@github.com>
* Build: Bump github/codeql-action & actions/checkoutdependabot[bot]2023-07-021-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1: Bump github/codeql-action from 2.3.6 to 2.20.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.20.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...f6e388ebf0efc915c6c5b165b019ee61a6746a38) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... 2: Build: Bump actions/checkout from 3.5.2 to 3.5.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Closes gh-5283 Closes gh-5284
* Build: Reference GitHub Actions by commit SHAsGabriela Gutierrez2023-06-131-4/+4
| | | | | | | | | | | | | | | | | | | | | | The SHAs are verified to come from the original repositories and not forks. For reference: https://github.com/github/codeql-action/releases/tag/v2.3.6 https://github.com/github/codeql-action/commit/83f0fe6c4988d98a455712a27f0255212bba9bd4 https://github.com/actions/checkout/releases/tag/v3.5.2 https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab https://github.com/actions/cache/releases/tag/v3.3.1 https://github.com/actions/cache/commit/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 https://github.com/actions/setup-node/releases/tag/v3.6.0 https://github.com/actions/setup-node/commit/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c Fixes gh-5266 Closes gh-5269 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* Build: Limit permissions for GitHub workflowsAlex2022-12-011-0/+7
| | | | | | | | | | | | | | | | | | | | Add explicit permissions section[^1] to workflows. This is a security best practice because by default workflows run with extended set of permissions[^2] (except from `on: pull_request` from external forks[^3]. By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection[^4] or compromised third party tool or action) is restricted. It is recommended to have most strict permissions on the top level[^5] and grant write permissions on job level[^6] on a case by case basis. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token [^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [^4]: https://securitylab.github.com/research/github-actions-untrusted-input/ [^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions [^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Closes gh-5119
* Docs: Remove git.io from a GitHub Actions commentBaoshuo Ren2022-07-121-1/+1
| | | | | | | All links on git.io are deprecated and may stop redirecting at a certain point. See https://github.blog/changelog/2022-04-25-git-io-deprecation/ Closes gh-5036
* Build: Update GitHub ActionsMichał Gołębiowski-Owczarek2022-06-271-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Build(deps): Bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Closes gh-5067
* build: set up periodic code scanning analysisTimmy Willison2020-06-251-0/+51